Compared with other challenges in our technological world,identity theft is a newcomer on the scene. As recently as five or10 years ago, we felt relatively safe surfing the World Wide Web.Today, the threat of our identities falling into dangerous handstops the list of rapidly growing e-crimes.

The ever-increasing use of the Internet gives agencies anexcellent opportunity to provide their customers with informationthey can use to protect themselves against identity theft. Here areseven of the most common mistakes people make online that can leadto identity theft.
Mistake 1: Handing over personal details to aphisher. According to Webopedia, phishing is “the act ofsending an e-mail to a user falsely claiming to be an establishedlegitimate enterprise in an attempt to scam the user intosurrendering private information that will be used for identitytheft. The e-mail directs the user to visit a Web site where theyare asked to update personal information, such as passwords andcredit card, Social Security and bank account numbers, that thelegitimate organization already has. The Web site, however, isbogus and set up only to steal the user's information.”
For example, some cyber bad guys recently spammed large groups ofpeople with a false eBay scheme to supposedly “confirm” credit cardinformation. They counted on a certain percentage of readers beingwilling to carelessly hand over valuable information.
Financial institutions are being hit the hardest. According to a2007 study by the IBM Internet Security Systems X-Force, 19 of thetop 20 companies that were the supposed senders of phishing e-mailswere in the banking industry.
Protection tip: Never click on a link in any e-mail fromsomeone you don't know, especially if it's from a business likeeBay. Open a browser and visit the real Web site. You can find outmore about phishing scams at www.scambusters.org (“PhishingScams: How You Can Protect Yourself”).
Mistake 2: Telling the world who you are and how youlive. Social networking. Belonging. Instant access to newand old friends around the world with a mouse click. What afantastic opportunity to be part of the great cultural link knownas the 24/7 wired society. Or is it?
Sites like Facebook and MySpace are adding new members by theminute. Unfortunately, criminals are also working minute by minuteon new ways to add to their collection of identities stolen fromunsuspecting social networkers. Their target? Insignificant detailsabout your daily life and lifestyle.
These thieves understand the value of ordinary tidbits of data thatcan enable them to piece together enough information to passthemselves off as you and commit another crime. They canscreen-grab your photo, too.
Protection tip: Never use your full name on socialnetworking sites. Use a nickname wherever possible. When you mustuse your name, never provide additional personal details and resistthe temptation to post your photo.
Mistake 3: Downloading spyware by clicking on one of thoseannoying pop-ups. When was the last time one of thoseannoying pop-up messages invaded your Web experience? If you wereon the Web this morning, you may have seen one (or many more)today.
For example, a common threat is the pop-up message warning you thatyour Internet security is at risk. At best, this seemingly innocentact can be the first step to downloading and installing a programon your PC aimed at identity theft or spying. At worst, you couldbe downloading a cyberspy that records every keystroke beforesending this valuable information to a scammer.
Shady music downloading sites or clicking on an e-mail link thattells you a friend has sent an e-card greeting can be the firststep to identity theft.
Protection tip: Never click on an unexpected pop-up. Evenbetter, disable pop-ups in your browser if you can. Before youclick on an e-card link, make sure you know the sender.
Mistake 4: E-mailing your confidential information tothieves. Many agencies are surprised to learn that theire-mail is probably not secure. This means that e-mailed informationis up for grabs for cybercriminals. Customers have the sameproblem. Whether their e-mail is hosted by Yahoo, Hotmail or one ofthe other dozens of e-mail services, information ranging from anaddress to a Social Security number is ripe for picking.
Protection tip: Do not put personal or financialinformation in an e-mail. Phones still work in the Internet Age,and they're much more secure. If possible, make sure e-mail isdeleted from the server by the e-mail provider. And don't forgetsmart password management by making sure addresses and passwordsare hard to guess (see below). If you visit a site that requires ane-mail address and you're reluctant to provide one, check out acreative option: one-time e-mail addresses available at www.10minutemail.com. You canalso use a service such as www.sneakemail.com to create ane-mail address you can turn off at any time.
Mistake 5: Revealing yourself on unsecured Websites. Here's a brilliant revelation: Unsecured Web sitescannot secure information from hackers and scammers. Enteringpersonal details on even a legitimate site can make you an easytarget for identity theft if the site isn't properly secured.
Protection tip: Look for “https” or “shttp” (the 's'stands for secure) before giving personal information. Another tipis to look for a lock icon in the address or status bar.
Mistake 6: Leaving personal information on a publiccomputer. What do cybercaf?s and public libraries have incommon? They're both places where personal information can be leftbehind for eager identity thieves to steal.
Whenever you walk away from a computer, you potentially leave awide variety of personal data behind. Even computers that areshared with coworkers increase the risk of losing control ofprivate personal data.
Protection tip: Avoid using public computers forconfidential purposes, period. Even if you logged out–which isnonetheless still a good idea–details of your activities are stillstored on the PC. Public computers may have spyware to capturepasswords. Make a habit of frequently cleaning your browsinghistory by using the options or security menu in the browser.
Mistake 7: Using easy-to-remember passwords. Ifyour passwords are easy for you to remember, they're also easy forcybercriminals to guess.
Passwords, the very tools designed to provide security, are oftenthe weakest link in our Internet armor. Using any single word,whether it's your pet's name or a random word from the dictionary,makes it easy to discover. Using insecure password savers orstoring them somewhere is also a giveaway.
Protection tip: Obviously, stay away from passwords basedon the name of your pets or kids or important dates. Use mixturesof letters, numbers and even punctuation, and change themfrequently. Don't use programs that fill in your passwords unlessthey too are protected by a master password. An excellent place tostart examining the security of your password is Microsoft's onlinepassword checker.
The Internet superhighway carries an ever-growing amount of theactivities, information and communication that make up our modernsociety. We all understand that car drivers must be educated andlicensed to operate a vehicle. Doesn't it also make sense toeducate Internet “drivers” on the proper and safe way to navigatetheir wired world? And all the more so when it's apparent that theelectronic future will bring only more identity risk?
Like most insurance carriers, Allstate has an excellent commercialin which the distinguished actor Dennis Haysbert offers a free“Parent-Teen First-Time Drivers' Contract.” Since the publicalready understands the benefits of driver training, offeringsomething like a “Parent-Teen Identity Protection Contract” is anexcellent opportunity for an agency to communicate a strongprotection message to both baby boomers and Gen Y. Sound like aninteresting idea? Advanced Automation has just such a resource thatwe'll be delighted to send you. Just e-mail me–securely!–at[email protected].Tom Baker is the Solutions coach for Advanced Automation'sSolutions agencies. For the past 17 years, Advanced Automation hasoffered agency consulting services to address a variety ofmanagement and agency development issues. He is also an author andfrequent conference speaker. Tom can be reached at [email protected].